From 725df6cdadc11cf1bbbfa3a57982ec19624c6fbe Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 30 Sep 2021 17:01:14 -0400
Subject: [PATCH] Drop RC4 custom code and "export" options.

Drop the old custom implementation of RC4, and use the openssl one
instead.
Drop old weak "export" options that have been advertized but not really
functional/implemented for a long time.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 configure.ac        |   6 +-
 plugins/digestmd5.c | 184 --------------------------------------------
 2 files changed, 5 insertions(+), 185 deletions(-)

diff --git a/configure.ac b/configure.ac
index e1bf53b6..f4606abb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1094,7 +1094,11 @@ AC_ARG_WITH(rc4, [  --with-rc4              use rc4 routines [[yes]] ],
 	with_rc4=yes)
 
 if test "$with_rc4" != no; then
-    AC_DEFINE(WITH_RC4,[],[Use RC4])
+    if test "$with_openssl" = no; then
+        AC_WARN([OpenSSL not found -- RC4 will be disabled])
+    else
+        AC_DEFINE(WITH_RC4,[],[Use RC4])
+    fi
 fi
 
 building_for_macosx=no
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
index c8bb06c6..8de9b4b8 100644
--- a/plugins/digestmd5.c
+++ b/plugins/digestmd5.c
@@ -1131,7 +1131,6 @@ static void free_des(context_t *text)
 #endif /* WITH_DES */
 
 #ifdef WITH_RC4
-#ifdef HAVE_OPENSSL
 #include <openssl/evp.h>
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -1316,194 +1315,11 @@ static int enc_rc4(context_t *text,
 
     return SASL_OK;
 }
-#else
-/* quick generic implementation of RC4 */
-struct rc4_context_s {
-    unsigned char sbox[256];
-    int i, j;
-};
-
-typedef struct rc4_context_s rc4_context_t;
-
-static void rc4_init(rc4_context_t *text,
-		     const unsigned char *key,
-		     unsigned keylen)
-{
-    int i, j;
-    
-    /* fill in linearly s0=0 s1=1... */
-    for (i=0;i<256;i++)
-	text->sbox[i]=i;
-    
-    j=0;
-    for (i = 0; i < 256; i++) {
-	unsigned char tmp;
-	/* j = (j + Si + Ki) mod 256 */
-	j = (j + text->sbox[i] + key[i % keylen]) % 256;
-	
-	/* swap Si and Sj */
-	tmp = text->sbox[i];
-	text->sbox[i] = text->sbox[j];
-	text->sbox[j] = tmp;
-    }
-    
-    /* counters initialized to 0 */
-    text->i = 0;
-    text->j = 0;
-}
-
-static void rc4_encrypt(rc4_context_t *text,
-			const char *input,
-			char *output,
-			unsigned len)
-{
-    int tmp;
-    int i = text->i;
-    int j = text->j;
-    int t;
-    int K;
-    const char *input_end = input + len;
-    
-    while (input < input_end) {
-	i = (i + 1) % 256;
-	
-	j = (j + text->sbox[i]) % 256;
-	
-	/* swap Si and Sj */
-	tmp = text->sbox[i];
-	text->sbox[i] = text->sbox[j];
-	text->sbox[j] = tmp;
-	
-	t = (text->sbox[i] + text->sbox[j]) % 256;
-	
-	K = text->sbox[t];
-	
-	/* byte K is Xor'ed with plaintext */
-	*output++ = *input++ ^ K;
-    }
-    
-    text->i = i;
-    text->j = j;
-}
-
-static void rc4_decrypt(rc4_context_t *text,
-			const char *input,
-			char *output,
-			unsigned len)
-{
-    int tmp;
-    int i = text->i;
-    int j = text->j;
-    int t;
-    int K;
-    const char *input_end = input + len;
-    
-    while (input < input_end) {
-	i = (i + 1) % 256;
-	
-	j = (j + text->sbox[i]) % 256;
-	
-	/* swap Si and Sj */
-	tmp = text->sbox[i];
-	text->sbox[i] = text->sbox[j];
-	text->sbox[j] = tmp;
-	
-	t = (text->sbox[i] + text->sbox[j]) % 256;
-	
-	K = text->sbox[t];
-	
-	/* byte K is Xor'ed with plaintext */
-	*output++ = *input++ ^ K;
-    }
-    
-    text->i = i;
-    text->j = j;
-}
-
-static void free_rc4(context_t *text)
-{
-    /* free rc4 context structures */
-
-    if (text->crypto.enc_ctx) {
-        text->utils->free(text->crypto.enc_ctx);
-        text->crypto.enc_ctx = NULL;
-    }
-    if (text->crypto.dec_ctx) {
-        text->utils->free(text->crypto.dec_ctx);
-        text->crypto.dec_ctx = NULL;
-    }
-}
-
-static int init_rc4(context_t *text, 
-		    unsigned char enckey[16],
-		    unsigned char deckey[16])
-{
-    /* allocate rc4 context structures */
-    text->crypto.enc_ctx=
-	(cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t));
-    if (text->crypto.enc_ctx == NULL) return SASL_NOMEM;
-    
-    text->crypto.dec_ctx=
-	(cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t));
-    if (text->crypto.dec_ctx == NULL) return SASL_NOMEM;
-    
-    /* initialize them */
-    rc4_init((rc4_context_t *) text->crypto.enc_ctx,
-             (const unsigned char *) enckey, 16);
-    rc4_init((rc4_context_t *) text->crypto.dec_ctx,
-             (const unsigned char *) deckey, 16);
-    
-    return SASL_OK;
-}
-
-static int dec_rc4(context_t *text,
-		   const char *input,
-		   unsigned inputlen,
-		   unsigned char digest[16] __attribute__((unused)),
-		   char *output,
-		   unsigned *outputlen)
-{
-    /* decrypt the text part & HMAC */
-    rc4_decrypt((rc4_context_t *) text->crypto.dec_ctx,
-                input, output, inputlen);
-
-    /* no padding so we just subtract the HMAC to get the text length */
-    *outputlen = inputlen - 10;
-    
-    return SASL_OK;
-}
-
-static int enc_rc4(context_t *text,
-		   const char *input,
-		   unsigned inputlen,
-		   unsigned char digest[16],
-		   char *output,
-		   unsigned *outputlen)
-{
-    /* pad is zero */
-    *outputlen = inputlen+10;
-    
-    /* encrypt the text part */
-    rc4_encrypt((rc4_context_t *) text->crypto.enc_ctx,
-                input,
-                output,
-                inputlen);
-    
-    /* encrypt the HMAC part */
-    rc4_encrypt((rc4_context_t *) text->crypto.enc_ctx,
-                (const char *) digest, 
-		(output)+inputlen, 10);
-    
-    return SASL_OK;
-}
-#endif /* HAVE_OPENSSL */
 #endif /* WITH_RC4 */
 
 struct digest_cipher available_ciphers[] =
 {
 #ifdef WITH_RC4
-    { "rc4-40", 40, 5, 0x01, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
-    { "rc4-56", 56, 7, 0x02, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
     { "rc4", 128, 16, 0x04, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 },
 #endif
 #ifdef WITH_DES
